Amazing writeup. An attack from top (javascript) to bottom (kernel bugs), while very clearly explaining the discovery and exploit of vulnerability in each layer. The attack is very impressive, and the writeup makes it seem easy, which is a great compliment on the clarity of the writing.<p>Of course, and as mentioned at the end, the actual discovery process was much messier :)<p>As a bonus, there are a lot of links to other interesting documents as well.
This writeup, and the first part of this series, are amazing and incredibly instructive.
But they make me embarrassed that anyone still runs or writes code that is so without memory safety that these bugs can exist.
Great article! ... I'm glad I already disable hardware acceleration having hit kernel panics there on OS X before. (I did a write up, <a href="http://www.brendangregg.com/blog/2014-05-23/osx-10.9.3-is-toxic.html" rel="nofollow">http://www.brendangregg.com/blog/2014-05-23/osx-10.9.3-is-to...</a>, but it's much less interesting/useful than this blog post).
"And if you're still running OS X Mavericks or below then why not try it out?"<p>In other words: "insecure" or "unstable" - choose one.<p>I'm all for upgrading to Yosemite, but this is a problem.
I always feel a bit strange around security and exploitation people. Security is important, but it's so much easier to destroy and criticize stuff than to build something useful and try to balance all the aspects of a product.
Thank you for sharing, this is a very good reading.
I purchased a book about using buffer overflow to hack stuff. but I'm wondering how those kernel bugs were discovered?